Creating a New Encrypted Volume Using LUKS

Hands-On Lab

 

Bob Salmans

Security Training Architect I in Content

Length

00:30:00

Difficulty

Intermediate

Introduction

In this hands-on lab, we will use Linux Unified Key Setup (LUKS) to encrypt a volume on a Red Hat host. Then we'll go through the process of unmounting and closing the volume and re-opening and re-mounting the volume, which is standard practice for encrypted volumes not mounted at boot.

Connecting to the Lab

  1. Open your terminal application, and run the following command (remember to replace <PUBLIC_IP> with the public IP you were provided on the lab instructions page):
    ssh cloud_user@<PUBLIC_IP>
  2. Type yes at the prompt.
  3. Enter your cloud_user password at the prompt.
  4. Become the root user.
    sudo su

Create a New Logical Volume

  1. List the available volume groups.
    vgs
  2. Create a new logical volume.
    lvcreate -L 100M -n patient_lv luks_vg
  3. Verify that the new volume was successfully created.
    lvs

Encrypt the Volume with LUKS

  1. List the contents of the /dev/mapper directory.
    ls /dev/mapper
  2. Encrypt the luks_vg-patient_lv logical volume.
    cryptsetup luksFormat /dev/mapper/luks_vg-patient_lv
  3. Type YES at the prompt.
  4. Enter Pinehead1! at the passphrase prompt.
  5. Enter Pinehead1! at the passphrase confirmation prompt.
  6. Verify that the volume was successfully encrypted.
    blkid | grep patient
  7. Open the volume.
    cryptsetup luksOpen /dev/mapper/luks_vg-patient_lv patient_lv
  8. Enter Pinehead1! at the passphrase prompt.
  9. List the contents of the /dev/mapper directory.
    ls /dev/mapper
  10. Overwrite all of the storage on the new volume.
    shred -v -n1 /dev/mapper/patient_lv 
  11. Format the new volume.
    mkfs.ext4 /dev/mapper/patient_lv
  12. Create a new directory to serve as the mount point for the volume.
    mkdir /data
  13. Mount the new volume.
    mount /dev/mapper/patient_lv /data
  14. List the contents of the /data directory.
    ls /data
  15. Check the status of the new encrypted volume.
    cryptsetup -v status patient_lv

Create a Test File on the New Volume

  1. Change to the /data directory.
    cd /data
  2. Create a new test file called test.txt.
    touch test.txt
  3. List the contents of the /data directory to verify that the file was created.
    ls
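
The introduction mentions unmounting and closing the volume, then re-opening and re-mounting it. The script below is an added example, not part of the original lab, that runs that cycle with the lab's names (luks_vg-patient_lv, patient_lv, /data). The DRY_RUN switch, the function names and the working-directory guard are assumptions of this example; with DRY_RUN=1 (the default) it only prints the commands it would run.

```bash
#!/bin/sh
# Added example: close / re-open cycle for the lab's LUKS volume.
# Device, mapping and mount point names are the ones used in the lab steps.
DEV=/dev/mapper/luks_vg-patient_lv   # encrypted logical volume (ciphertext)
NAME=patient_lv                      # plaintext mapping under /dev/mapper
MNT=/data                            # mount point
DRY_RUN=${DRY_RUN:-1}                # assumption: 1 = print only, 0 = execute as root

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# True when directory $1 is $2 itself or lies beneath it.
inside() {
    case "$1/" in
        "$2"/*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Unmount the filesystem, then remove the plaintext mapping.
# Optional $1 overrides the directory checked by the guard (default: $PWD).
close_volume() {
    # The lab's last section leaves the shell in /data; umount would then
    # fail with "target is busy", so stop early with a clear message.
    if inside "${1:-$PWD}" "$MNT"; then
        echo "refusing: working directory is inside $MNT, cd out first" >&2
        return 1
    fi
    run umount "$MNT" &&
    run cryptsetup luksClose "$NAME" &&
    # After a real close the plaintext device node must be gone.
    { [ "$DRY_RUN" = 1 ] || [ ! -e "/dev/mapper/$NAME" ]; }
}

# Re-create the mapping (cryptsetup prompts for the passphrase) and mount it.
open_volume() {
    run cryptsetup luksOpen "$DEV" "$NAME" &&
    run mount "/dev/mapper/$NAME" "$MNT"
}

# Usage: script close | script open   (no argument: define functions only)
case "${1:-}" in
    close) close_volume ;;
    open)  open_volume ;;
esac
```

Once the mapping is closed, only the ciphertext device /dev/mapper/luks_vg-patient_lv remains, and test.txt is unreachable until the passphrase is entered again.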

Conclusion

Congratulations, you've successfully completed this hands-on lab!